Could you please check if the following IP is blocked: 184.108.40.206
All the certificates are expired and I'm having some troubles renewing them as in the past.
root@xxxx:~# curl -4 -vvv https://acme-v02.api.letsencrypt.org/directory
- Trying 220.127.116.11:443...
- TCP_NODELAY set
DNS resolutions seems to be working fine. On my firewall I see the exit but I don't see incoming traffic.
Thanks in advance!
All the best,
Can you connect to other sites?
curl -4 https://google.com/
We are not blocking this IP address.
root@xxxx:~# curl -4 https://google.com/
The document has moved
Thanks for the check. Then I have to find another solution for this.
Please show the output of:
root@xxxx:~# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.28.10.92 0.0.0.0 UG 0 0 0 ens160
172.28.10.0 0.0.0.0 255.255.255.0 U 0 0 0 ens160
To be honest, this is quite tricky.. I just cant manage to find the problem..
This is the traffic - i see outgoing but nothing blocks on the firewall, there is nothing on implicit deny
Was that the entire output of
netstat -nr ?
Yes its the entire output.
I've found the problem yesterday in an evening troubleshooting session.
You see, we have two uplinks from our network. The backup uplink is not configured right and if packets arrive from that endpoint, then they are not properly routed.
The HTTP challange is initiated over our primary uplink so until we fix our uplinks there is nothing i can do about the renewal of the certificate.
But many thanks for the help and the quick answers!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.